Difference between revisions of "Apache 2"

(Virtual host declaration)
Line 113: Line 113:
 
==Firewall==
 
==Firewall==
  
You have to open the following ports:
+
see [[Firewall INPUT filters#Web server]]
* Port 80 = HTTP
 
* Port 443 = HTTPS
 
 
 
<syntaxhighlight lang="bash">
 
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 80 -j ACCEPT
 
$IPTABLES -A INPUT -p tcp -m state -i eth0 --dport 443 -j ACCEPT
 
</syntaxhighlight>
 
  
 
Restart the firewall
 
Restart the firewall
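Review bot: the Firewall section now carries only the cross-reference to [[Firewall INPUT filters#Web server]], and the two port bullets (80 = HTTP, 443 = HTTPS) are dropped together with the iptables rules. Consider keeping the port list beside the link so this page still states what has to be opened without following the reference. The removed rules load "-m state" but give no "--state" value, so pointing to a single maintained rule set is reasonable, provided the linked section shows a complete rule.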

Revision as of 17:48, 8 August 2014



Requirements

Before going through this tutorial, I recommend that you set up:



Installation

Apache 2

This will install web server + PHP + Perl + all required libraries.

Apache2 core

apt-get install apache2 apache2-mpm-prefork apache2-utils ssl-cert


Additional libraries

apt-get install libapache2-mod-fcgid libruby


Doc

apt-get install apache2-doc


Perl

apt-get install libapache2-mod-perl2 libapache2-mod-perl2-doc


SNMP

You might encounter SNMP errors on recent Debian-based distributions.

In that case, install the following package and run its download script.

apt-get install snmp-mibs-downloader
download-mibs


source: http://www.podciborski.co.uk/miscellaneous/snmp-cannot-find-module/


PHP 5

Core

apt-get install libapache2-mod-php5 php5 php5-common


Modules PHP5

apt-get install php5-cli php5-cgi
apt-get install php5-curl php5-xmlrpc php5-xsl php5-dev php-pear 
apt-get install php5-mysql 
apt-get install php5-memcache php5-xcache
apt-get install php5-mhash php-auth php5-mcrypt mcrypt
apt-get install php5-imap 
apt-get install php5-snmp


Image Magick

apt-get install php5-gd php5-imagick imagemagick


Configuration

Edit PHP config file:

vim /etc/php5/apache2/php.ini

Add / uncomment the following lines in Dynamic extensions area (~ line 865)

  • extension=mysql.so
  • extension=gd.so


!! Note this is NOT required on Ubuntu 14.04 because these modules are enabled by default !!


Firewall

see Firewall INPUT filters#Web server

Restart the firewall

/etc/init.d/firewall restart


Test your installation

Restart the Apache2 server

service apache2 restart


You can now test your installation by going to 'http://localhost' or 'http://myServer'. You should see the default page.




HTTP Virtual host

Preparation

Initialize configuration

cd /etc/apache2/sites-available/


Create target directory

mkdir -p /var/www/myServer


Prepare the log files

mkdir -p /var/log/apache2/myServer
touch /var/log/apache2/myServer/access.log
touch /var/log/apache2/myServer/error.log
chmod -R 660 /var/log/apache2/myServer/*
chown -R www-data:www-data /var/log/apache2/myServer/*


Copy default index file

cp /var/www/html/index.html /var/www/myServer
chown -R www-data:www-data /var/www/myServer


Configuration

Init configuration

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/myServer.conf


Edit configuration

vim /etc/apache2/sites-available/myServer.conf


To begin the virtual host, write the following lines:

  • Adjust the settings to your own configuration
  • Choose the <VirtualHost> opening line that fits your needs and keep only that one

# Alternative, bound to a single address:
# <VirtualHost 192.168.0.100:80>
<VirtualHost *:80>

	#############################
        # Server main properties
	#############################

	ServerName		myServer
	ServerAlias		www.myServer *.myServer
	ServerAdmin		webmaster@domain
	
	# Logs settings
	LogLevel		Warn
	CustomLog		${APACHE_LOG_DIR}/myServer/access.log combined
	ErrorLog		${APACHE_LOG_DIR}/myServer/error.log


	#############################
        # Root folder properties
	#############################
	DocumentRoot	/var/www/myServer

        # SECURITY: never serve .ht* files (.htaccess, .htpasswd) to clients
        <Files ~ "^\.ht">
                ## Old Apache2 (before 2.4) syntax: use INSTEAD of "Require" on 2.2
                # Order allow,deny
                # Deny from all

                ## Apache 2.4 syntax
                Require all denied
        </Files>
        # Restrict access to server root
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>


        # Virtual host root directory
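	<Directory /var/www/myServer>
		# "Indexes" lists the directory content when no index file is present;
		# remove it if you do not want listings
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None

                ## Old Apache2 (before 2.4) syntax: use INSTEAD of "Require" on 2.2
		# Order allow,deny
		# Allow from all

                ## Apache 2.4
                Require all granted
	</Directory>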


	#############################
        # Other configuration
        # Alias, proxy redirections, CGI scripts, Directory, etc.
	#############################



</VirtualHost>


Enable / disable virtual host(s)

Virtual Host deactivation

If you're listening on *:80 then you should probably disable the default virtual host before enabling yours!

a2dissite 000-default



Virtual Host activation

To activate a Virtual Host, just type

a2ensite myServer

Then, restart your web server

/etc/init.d/apache2 restart


Check your server! You should see your "index.html" page.


HTTPS (SSL) Virtual host

Create SSL certificate

First of all, you need to create a server certificate. Cf. SSL dedicated document → Create a new server certificate

>> see SSL server


Enable SSL module

You have to either copy the server certificate and key or create symlinks to them.

To avoid rights collisions I'm using a copy operation. However, I know from past experience that symlinks work very well if you set the correct rights.


-Note-

You MUST use the NON-ENCRYPTED private key if you want to start Apache2 automatically on each reboot.


Copy certificates

cp /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
cp /srv/ssl/private/myServer.nopass.key /etc/apache2/webServer.key


Alternative: Symlinks to /srv/ssl/

ln -s /srv/ssl/certs/myServer.cert.pem /etc/apache2/webServer.pem
ln -s /srv/ssl/private/myServer.nopass.key /etc/apache2/webServer.key
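
Because the note above requires an unencrypted key, file permissions are what protects it, whether it is copied or symlinked. The following shell function is an added example, not part of the original page: it reports whether a key file is passphrase-protected or carries group/other permission bits. The name audit_key is hypothetical and GNU stat is assumed.

```bash
# Added example. audit_key FILE prints one verdict, returns 0 only for "ok":
#   missing   - the file (or the symlink target) does not exist
#   encrypted - passphrase-protected key: Apache prompts at every start
#   loose     - group or others hold a permission bit on the key
#   ok        - unencrypted and reachable by its owner only
audit_key() {
    key=$1
    # -e follows symlinks, so the /srv/ssl symlink variant is covered
    [ -e "$key" ] || { echo missing; return 1; }
    # Traditional PEM flags encryption with "Proc-Type: 4,ENCRYPTED",
    # PKCS#8 with the "BEGIN ENCRYPTED PRIVATE KEY" armour line.
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' \
               -e 'BEGIN ENCRYPTED PRIVATE KEY' "$key"; then
        echo encrypted; return 1
    fi
    # GNU stat: -L reads the mode of the target, %a prints it in octal
    mode=$(stat -L -c '%a' "$key") || { echo missing; return 1; }
    case $mode in
        *00) echo ok; return 0 ;;     # group and other digits are both 0
        *)   echo loose; return 1 ;;
    esac
}

# Constructed sample: a placeholder file standing in for webServer.key
demo=$(mktemp)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-not-a-key' \
              '-----END PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"; audit_key "$demo" || true    # loose
chmod 600 "$demo"; audit_key "$demo"            # ok
rm -f "$demo"
```

Run it against /etc/apache2/webServer.key after the copy or symlink step; a "loose" verdict is fixed with chmod 600 on the key file (on the target, for the symlink variant).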


Activate the SSL module

a2enmod ssl


Prepare virtual host (optional)

Create virtual host folder

mkdir -p /var/www/myServer-ssl
cp /var/www/html/index.html /var/www/myServer-ssl
chown -R www-data:www-data /var/www/myServer-ssl


Prepare the log files (optional)

# This should already exist from before
mkdir -p /var/log/apache2/myServer

# Create *-ssl.log
touch /var/log/apache2/myServer/error-ssl.log
touch /var/log/apache2/myServer/access-ssl.log
chmod -R 660 /var/log/apache2/myServer/*
chown -R www-data:www-data /var/log/apache2/myServer/*


Create a default "/var/www/myServer-ssl/index.html" to check your virtual host.

If you'd like you can use this ultra-simple file [1]

cd /var/www/myServer-ssl/
wget http://daxiongmao.eu/wiki_upload_files/apache2/index.html
chown www-data:www-data index.html



Virtual host declaration

You have 2 possibilities:

  • Update your current virtual host (recommended)
  • Create a new one, only for the SSL virtual host


Update non-ssl V.Host configuration

vim /etc/apache2/sites-available/myServer.conf


!! Adjust the settings to your own configuration !!

# Secure web server
# Choose ONE opening line that fits your needs; alternatives:
# <VirtualHost _default_:443>
# <VirtualHost 192.168.0.100:443>
<VirtualHost *:443>

	#############################
        # Server main properties
	#############################

	ServerName		myServer
	ServerAlias		www.myServer *.myServer
	ServerAdmin		webmaster@domain
	
	# Logs settings
	LogLevel		Warn
	CustomLog		${APACHE_LOG_DIR}/myServer/access-ssl.log combined
	ErrorLog		${APACHE_LOG_DIR}/myServer/error-ssl.log

        # Enable SSL
        SSLEngine               	On
        SSLCertificateFile      	/etc/apache2/webServer.pem
        SSLCertificateKeyFile   	/etc/apache2/webServer.key

	#############################
        # Root folder properties
	#############################
	DocumentRoot	/var/www/myServer-ssl


        # SECURITY: never serve .ht* files (.htaccess, .htpasswd) to clients
        <Files ~ "^\.ht">
                ## Old Apache2 (before 2.4) syntax: use INSTEAD of "Require" on 2.2
                # Order allow,deny
                # Deny from all

                ## Apache 2.4 syntax
                Require all denied
        </Files>

        # Restrict access to server root
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>

        # Virtual host root directory
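	<Directory /var/www/myServer-ssl>
		# "Indexes" lists the directory content when no index file is present;
		# remove it if you do not want listings
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None

                ## Old Apache2 (before 2.4) syntax: use INSTEAD of "Require" on 2.2
		# Order allow,deny
		# Allow from all

                ## Apache 2.4
                Require all granted
	</Directory>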


	#############################
        # Other configuration
        # Alias, proxy redirections, CGI scripts, Directory, etc.
	#############################

	Alias 	/phpsec   /var/somewhere/phpsecinfo
	<Location /phpsec >
                ## Old Apache 2 (before 2.4) syntax: use INSTEAD of "Require" on 2.2
		# Order deny,allow
		# Deny from all
		# Allow from 127.0.0.1 192.168.1.0/24

                ## Apache 2.4: access is granted if ANY of these lines matches
		Require local
		Require ip 192.168.1
                Require host dev.daxiongmao.eu
        </Location>
</VirtualHost>
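
Both virtual hosts above show the 2.2 and the 2.4 access-control syntax for the same container; on a given server only one of the two should be active. The following shell function is an added example, not part of the original page: it lists the containers of a virtual host file in which uncommented 2.2 directives sit beside a 2.4 Require line. The name mixed_access and the sample file are constructed for illustration.

```bash
# Added example. mixed_access FILE prints each <Directory>, <Files> or
# <Location> container holding both uncommented 2.2 directives
# (Order / Allow from / Deny from) and a 2.4 Require line.
# Returns 1 when at least one such container exists, 0 otherwise.
# Nested containers are not tracked.
mixed_access() {
    awk '
    { line = tolower($0) }                  # directive names ignore case
    line ~ /^[ \t]*#/ { next }              # commented-out lines are inert
    line ~ /^[ \t]*<(directory|files|location)[ \t]/ {
        name = $0; gsub(/^[ \t]+|[ \t]+$/, "", name)
        legacy = 0; modern = 0; next
    }
    line ~ /^[ \t]*(order|allow[ \t]+from|deny[ \t]+from)[ \t]/ { legacy++ }
    line ~ /^[ \t]*require[ \t]/ { modern++ }
    line ~ /^[ \t]*<\/(directory|files|location)>/ {
        if (legacy && modern) { print name; hits++ }
        legacy = 0; modern = 0
    }
    END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample reproducing the two patterns from this page
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    <Files ~ "^\.ht">
        Order allow,deny
        deny from all
        Require all denied
    </Files>
    <Location /phpsec >
        ## order deny,allow
        ## allow from all
        require local
        require ip 192.168.1
    </Location>
</VirtualHost>
EOF
mixed_access "$sample" || echo "fix the containers listed above"
rm -f "$sample"
```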


Restart the web server

service apache2 restart


Now you can test your server https://myServer


If you've used a self-signed certificate you might see an alert. Just discard it and proceed anyway!

Related topics

Distribute and install the certificates

Some guides to set up specific applications and features: